openssl 2.2.2 → 2.2.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +15 -0
  3. data/ext/openssl/extconf.rb +4 -1
  4. data/ext/openssl/openssl_missing.h +5 -0
  5. data/ext/openssl/ossl_ocsp.c +2 -1
  6. data/ext/openssl/ossl_pkey_ec.c +16 -12
  7. data/ext/openssl/ossl_ts.c +1 -1
  8. data/lib/openssl/version.rb +1 -1
  9. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ca57a155a863eab5ef5138956be25ab7915d701d10e7487605f3f909262aecdc
4
- data.tar.gz: ae7d5d15ae4944d79c8bd45a4279b4ab5fa021604ad8bb12759ebf3c9f6ff33d
3
+ metadata.gz: f857af7f016a99c4fa63e230d6d600b9fe1218bbd9db4b48a4d199e238d88d54
4
+ data.tar.gz: f0a5d84c663e4bbf75ffee3f307e2fb8c2cad5ccddb10ce1a72717b7cd7c5b43
5
5
  SHA512:
6
- metadata.gz: 479a5f07bc88c5cc20e4be271da0f1e0314c69bcde3a3b173871e6499f905cb5d0335cc91b7132eb7c1b10382c088f23e5734aa5eadb675979f65afeb3e9f9fe
7
- data.tar.gz: b3a5c5346ee5b3becedc9040c1a7e87344333c0cc1903566db1b24090897e45c186aded4e6c68f49eab16a13a42faf77d7adff89ea527fff5c73d4c0e976a27d
6
+ metadata.gz: 6f8c9773928207f07f5f905b826ddc7f2cd5019f6dcba3c3a08e920131646156eeb400b4b8540e509d53d3016a25e7a886ed6410eafda030852aeaa28d511491
7
+ data.tar.gz: 9baeda7c395d5e8b2830f418186a28dbd3a6f8476eee3ba0b3926f7a5aeaa81cd0614138c1d98c41a1a0db3f10b5aabcd6c34ec4700898c6bca28edbbdf9809d
data/History.md CHANGED
@@ -1,3 +1,18 @@
1
+ Version 2.2.3
2
+ =============
3
+
4
+ Bug fixes
5
+ ---------
6
+
7
+ * Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
8
+ with an incorrect class, which would end up with a TypeError.
9
+ [[GitHub #570]](https://github.com/ruby/openssl/pull/570)
10
+ * Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
11
+ incorrectly treated OpenSSL's internal errors as "not equal".
12
+ [[GitHub #564]](https://github.com/ruby/openssl/pull/564)
13
+ * Fix build with LibreSSL 3.5 or later.
14
+
15
+
1
16
  Version 2.2.2
2
17
  =============
3
18
 
data/ext/openssl/extconf.rb CHANGED
@@ -176,13 +176,16 @@ have_func("SSL_SESSION_get_protocol_version")
176
176
  have_func("TS_STATUS_INFO_get0_status")
177
177
  have_func("TS_STATUS_INFO_get0_text")
178
178
  have_func("TS_STATUS_INFO_get0_failure_info")
179
- have_func("TS_VERIFY_CTS_set_certs")
179
+ have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
180
180
  have_func("TS_VERIFY_CTX_set_store")
181
181
  have_func("TS_VERIFY_CTX_add_flags")
182
182
  have_func("TS_RESP_CTX_set_time_cb")
183
183
  have_func("EVP_PBE_scrypt")
184
184
  have_func("SSL_CTX_set_post_handshake_auth")
185
185
 
186
+ # added in 3.0.0
187
+ have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
188
+
186
189
  Logging::message "=== Checking done. ===\n"
187
190
 
188
191
  create_header
data/ext/openssl/openssl_missing.h CHANGED
@@ -254,4 +254,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
254
254
  } while (0)
255
255
  #endif
256
256
 
257
+ /* added in 3.0.0 */
258
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
259
+ # define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
260
+ #endif
261
+
257
262
  #endif /* _OSSL_OPENSSL_MISSING_H_ */
data/ext/openssl/ossl_ocsp.c CHANGED
@@ -1069,7 +1069,8 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
1069
1069
  x509st = GetX509StorePtr(store);
1070
1070
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
1071
1071
  x509s = ossl_x509_ary2sk(certs);
1072
- #if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER)
1072
+ #if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || \
1073
+ defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000
1073
1074
  /*
1074
1075
  * OpenSSL had a bug that it doesn't use the certificates in x509s for
1075
1076
  * verifying the chain. This can be a problem when the response is signed by
data/ext/openssl/ossl_pkey_ec.c CHANGED
@@ -860,10 +860,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
860
860
  GetECGroup(a, group1);
861
861
  GetECGroup(b, group2);
862
862
 
863
- if (EC_GROUP_cmp(group1, group2, ossl_bn_ctx) == 1)
864
- return Qfalse;
865
-
866
- return Qtrue;
863
+ switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
864
+ case 0: return Qtrue;
865
+ case 1: return Qfalse;
866
+ default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
867
+ }
867
868
  }
868
869
 
869
870
  /*
@@ -1424,10 +1425,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
1424
1425
  GetECPoint(b, point2);
1425
1426
  GetECGroup(group_v1, group);
1426
1427
 
1427
- if (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx) == 1)
1428
- return Qfalse;
1428
+ switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
1429
+ case 0: return Qtrue;
1430
+ case 1: return Qfalse;
1431
+ default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
1432
+ }
1429
1433
 
1430
- return Qtrue;
1434
+ UNREACHABLE;
1431
1435
  }
1432
1436
 
1433
1437
  /*
@@ -1445,7 +1449,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
1445
1449
  switch (EC_POINT_is_at_infinity(group, point)) {
1446
1450
  case 1: return Qtrue;
1447
1451
  case 0: return Qfalse;
1448
- default: ossl_raise(cEC_POINT, "EC_POINT_is_at_infinity");
1452
+ default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
1449
1453
  }
1450
1454
 
1451
1455
  UNREACHABLE;
@@ -1466,7 +1470,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
1466
1470
  switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
1467
1471
  case 1: return Qtrue;
1468
1472
  case 0: return Qfalse;
1469
- default: ossl_raise(cEC_POINT, "EC_POINT_is_on_curve");
1473
+ default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
1470
1474
  }
1471
1475
 
1472
1476
  UNREACHABLE;
@@ -1485,7 +1489,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
1485
1489
  GetECPointGroup(self, group);
1486
1490
 
1487
1491
  if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
1488
- ossl_raise(cEC_POINT, "EC_POINT_make_affine");
1492
+ ossl_raise(eEC_POINT, "EC_POINT_make_affine");
1489
1493
 
1490
1494
  return self;
1491
1495
  }
@@ -1503,7 +1507,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
1503
1507
  GetECPointGroup(self, group);
1504
1508
 
1505
1509
  if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
1506
- ossl_raise(cEC_POINT, "EC_POINT_invert");
1510
+ ossl_raise(eEC_POINT, "EC_POINT_invert");
1507
1511
 
1508
1512
  return self;
1509
1513
  }
@@ -1521,7 +1525,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
1521
1525
  GetECPointGroup(self, group);
1522
1526
 
1523
1527
  if (EC_POINT_set_to_infinity(group, point) != 1)
1524
- ossl_raise(cEC_POINT, "EC_POINT_set_to_infinity");
1528
+ ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
1525
1529
 
1526
1530
  return self;
1527
1531
  }
data/ext/openssl/ossl_ts.c CHANGED
@@ -820,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
820
820
  X509_up_ref(cert);
821
821
  }
822
822
 
823
- TS_VERIFY_CTS_set_certs(ctx, x509inter);
823
+ TS_VERIFY_CTX_set_certs(ctx, x509inter);
824
824
  TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
825
825
  TS_VERIFY_CTX_set_store(ctx, x509st);
826
826
 
data/lib/openssl/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OpenSSL
4
- VERSION = "2.2.2"
4
+ VERSION = "2.2.3"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 2.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2022-09-08 00:00:00.000000000 Z
14
+ date: 2022-12-23 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: ipaddr
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
189
189
  - !ruby/object:Gem::Version
190
190
  version: '0'
191
191
  requirements: []
192
- rubygems_version: 3.3.8
192
+ rubygems_version: 3.4.0.dev
193
193
  signing_key:
194
194
  specification_version: 4
195
195
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.